It isn't a new post. However, I missed it. I just read a blog post from Hey, Scripting Guy! Blog to talk about "Decrypt PowerShell Secure String Password". Sometimes, we may save a credential to a variable like this.
$Cred = Get-Credential
Based on "GetNetworkCredental" method, we can easily get the user name and password.
We enter $Cred.GetNetworkCredential().password. The password was showed.
If we perform $Cred.GetNetworkCredential() | FL, we can see all information of this credential.
If we export the credential to a XML by performing Get-Credential | Export-Clixml, someone can extract the password by above method.
This posting is provided “AS IS” with no warranties, and confers no rights!